sunrpc on port 111, ICQ/MSchat summary, anyone?

[don Wang <donwang () uac com>]

Hello, folks,

I have been listening to your experts' opinions for a little while.
Thanks for the Q&As. It's certainly quite an educational process!

Here are my nuts. Hope you can help crack them. Thanks in advance!

Don

---------------------------------------------------------------
I was monitoring our network lately (using a sniffer), and observed some
peculiar packets:
Source IP          Source Port     Dest. IP         Dest. Port
protocol
192.168.1.11     111                192.168.1.4          low
UDP
192.168.1.4       low                192.168.1.11        low
TCP
192.168.1.4       low                192.168.1.11        low
TCP
192.168.1.4       low                192.168.1.11        low
TCP
low: low port numbers (< 1024, somewhere around 500-900. yet not
reserved ports)

The whole network uses NT 4.0 platform, with a primary domain
controller. Does anyone know why port 111 is used? (presumably port 111
is reserved for sunrpc?)

--------------------------------------------------------------
Noticed there was a flurry of conversation on the merits and risks of
ICQ/instant messaging. Since there were so much opposing views in there,
can someone give a balanced summary on the issue? I have seen  people
uses MSN chat, Linux ICQ (LICQ), among other messaging systems. Have you
heard of security breaches because of their usage?

--------------------------------------------------------------
We normally configured our firewall to only take TCP packets on standard
web ports (80 or 8080). Lately we have to temporarily re-configure it
such that we can go certain sites and get information from their
non-standard HTTP ports (random high ports). Is there particular reason
why people use non-standard ports for HTTP? or maybe we are a little
"overzealous" in restricting outside access? What about audio/video
streaming, or FTP through web browser (high ports)?